CVE-2026-7389— EyouCMS common.php GetSortData sql injection

CVSS 7.3 · High EPSS 0.04% · P11 Updated Apr 30, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-7389

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

EyouCMS common.php GetSortData sql injection

Source: NVD (National Vulnerability Database)

Vulnerability Description

A security vulnerability has been detected in EyouCMS up to 1.7.9. The affected element is the function GetSortData of the file application/common.php. The manipulation of the argument sort_asc leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

SQL命令中使用的特殊元素转义处理不恰当(SQL注入)

Source: NVD (National Vulnerability Database)

Vulnerability Title

EyouCMS 注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

EyouCMS是中国易优（Eyou）公司的一套基于ThinkPHP的开源内容管理系统（CMS）。 EyouCMS 1.7.9及之前版本存在注入漏洞，该漏洞源于文件application/common.php中函数GetSortData的参数sort_asc操作不当，可能导致SQL注入。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	EyouCMS	1.7.0	`cpe:2.3:a:eyoucms:eyoucms::::::::`

II. Public POCs for CVE-2026-7389

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-7389

请登录查看更多情报信息。

Same Patch Batch · n/a · 2026-04-29 · 14 CVEs total

CVE-2026-7388	4.7 MEDIUM	EyouCMS Template File FilemanagerLogic.php editFile code injection
CVE-2026-36837		TOTOLINK A3002RU 安全漏洞
CVE-2026-36841		TOTOLINK N200RE 命令注入漏洞
CVE-2026-38992		Cockpit 安全漏洞
CVE-2026-38991		Cockpit 代码问题漏洞
CVE-2026-38993		Cockpit 路径遍历漏洞
CVE-2026-37555		libsndfile 输入验证错误漏洞
CVE-2026-30769		EnTech Taiwan TVicPort 输入验证错误漏洞
CVE-2025-56536		OpenNebula 跨站脚本漏洞
CVE-2025-56534		OpenNebula 跨站脚本漏洞
CVE-2025-56537		OpenNebula 跨站脚本漏洞
CVE-2025-56535		OpenNebula 跨站脚本漏洞
CVE-2025-50328		B1FREE 安全漏洞

IV. Related Vulnerabilities

Same product: EyouCMS

Same vendor: n/a

Same weakness: CWE-89

V. Comments for CVE-2026-7389

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-7389— EyouCMS common.php GetSortData sql injection

I. Basic Information for CVE-2026-7389

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-7389

III. Intelligence Information for CVE-2026-7389

Same Patch Batch · n/a · 2026-04-29 · 14 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-7389

Leave a comment